advent22/api/advent22_api/routers/_security.py

import secrets
from datetime import date

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBasic, HTTPBasicCredentials

from ..core.config import Config, get_config
from ..core.depends import get_all_event_dates
from ..core.helpers import EventDates

security = HTTPBasic()


async def user_is_admin(
    credentials: HTTPBasicCredentials = Depends(security),
    cfg: Config = Depends(get_config),
) -> bool:
    """
    True iff der user "admin" ist
    """

    username_correct = secrets.compare_digest(
        credentials.username.lower(),
        cfg.admin.name.lower(),
    )
    password_correct = secrets.compare_digest(
        credentials.password,
        cfg.admin.password,
    )

    return username_correct and password_correct


async def require_admin(
    is_admin: bool = Depends(user_is_admin),
) -> None:
    """
    HTTP 401 iff der user nicht "admin" ist
    """

    if not is_admin:
        raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Wie unhöflich!!!")


async def user_visible_days(
    event_dates: EventDates = Depends(get_all_event_dates),
) -> list[int]:
    """
    User-sichtbare Türchen
    """

    today = date.today()

    return [event for event, date in event_dates.dates.items() if date <= today]


async def user_can_view_day(
    day: int,
    visible_days: list[int] = Depends(user_visible_days),
) -> bool:
    """
    True iff das Türchen von Tag `day` user-sichtbar ist
    """

    return day in visible_days
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00			`import secrets`
			`from datetime import date`

			`from fastapi import Depends, HTTPException, status`
			`from fastapi.security import HTTPBasic, HTTPBasicCredentials`

remove `(Calendar)Config`'s static methods for good measure 2023-09-08 19:53:35 +00:00			`from ..core.config import Config, get_config`
rework _security to respect EventDates 2023-09-21 11:26:02 +00:00			`from ..core.depends import get_all_event_dates`
			`from ..core.helpers import EventDates`
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00
			`security = HTTPBasic()`


			`async def user_is_admin(`
			`credentials: HTTPBasicCredentials = Depends(security),`
remove `(Calendar)Config`'s static methods for good measure 2023-09-08 19:53:35 +00:00			`cfg: Config = Depends(get_config),`
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00			`) -> bool:`
documentation 2023-09-08 19:44:41 +00:00			`"""`
			`True iff der user "admin" ist`
			`"""`
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00
user name case sensitivity 2023-11-21 21:54:37 +00:00			`username_correct = secrets.compare_digest(`
			`credentials.username.lower(),`
			`cfg.admin.name.lower(),`
			`)`
			`password_correct = secrets.compare_digest(`
			`credentials.password,`
			`cfg.admin.password,`
			`)`
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00
			`return username_correct and password_correct`


			`async def require_admin(`
			`is_admin: bool = Depends(user_is_admin),`
			`) -> None:`
documentation 2023-09-08 19:44:41 +00:00			`"""`
			`HTTP 401 iff der user nicht "admin" ist`
			`"""`

module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00			`if not is_admin:`
rework _security to respect EventDates 2023-09-21 11:26:02 +00:00			`raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Wie unhöflich!!!")`
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00

rework _security to respect EventDates 2023-09-21 11:26:02 +00:00			`async def user_visible_days(`
			`event_dates: EventDates = Depends(get_all_event_dates),`
			`) -> list[int]:`
documentation 2023-09-08 19:44:41 +00:00			`"""`
minor improvements 2023-11-23 23:59:10 +00:00			`User-sichtbare Türchen`
documentation 2023-09-08 19:44:41 +00:00			`"""`

module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00			`today = date.today()`

rework _security to respect EventDates 2023-09-21 11:26:02 +00:00			`return [event for event, date in event_dates.dates.items() if date <= today]`
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00

major cleanup - `routers`: `admin`, `days`, `general`, `user` -> `admin`, `images` - `core.depends`: cleanup - `core.*_helpers`: joined in `core.helpers` 2023-09-12 13:50:02 +00:00			`async def user_can_view_day(`
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00			`day: int,`
rework _security to respect EventDates 2023-09-21 11:26:02 +00:00			`visible_days: list[int] = Depends(user_visible_days),`
module routers._security for user/admin stuff 2023-09-08 19:33:43 +00:00			`) -> bool:`
documentation 2023-09-08 19:44:41 +00:00			`"""`
			True iff das Türchen von Tag `day` user-sichtbar ist
			`"""`

rework _security to respect EventDates 2023-09-21 11:26:02 +00:00			`return day in visible_days`